=================================================================== RCS file: /cvs/openbsd/fw_update/fw_install.sh,v retrieving revision 1.42 retrieving revision 1.49 diff -u -r1.42 -r1.49 --- openbsd/fw_update/fw_install.sh 2021/12/01 03:11:43 1.42 +++ openbsd/fw_update/fw_install.sh 2021/12/02 04:00:37 1.49 @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: fw_install.sh,v 1.42 2021/12/01 03:11:43 afresh1 Exp $ +# $OpenBSD: fw_install.sh,v 1.49 2021/12/02 04:00:37 afresh1 Exp $ set -e # Copyright (c) 2021 Andrew Hewus Fresh @@ -21,15 +21,26 @@ echo "${DESTDIR}/tmp" } -# tmpdir, do_as, unpriv, and unpriv2 are from install.sub +# tmpdir, do_as, and unpriv are from install.sub +# modified to use su(1) when not in the installer. +# modified to use mktemp(1) when not in the installer. # Create a temporary directory based on the supplied directory name prefix. tmpdir() { local _i=1 _dir + if [[ -z $1 ]]; then + echo No tmpdir >&2 + exit 1 + fi - until _dir="${1?}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do - ((++_i < 10000)) || return 1 - done + if [[ -e /usr/bin/mktemp ]]; then + _dir=$( /usr/bin/mktemp -d $1 ) + chown _file "$_dir" + else + until _dir="${1%-+(X)}.$_i.$RANDOM" && mkdir -- "$_dir" 2>/dev/null; do + ((++_i < 10000)) || return 1 + done + fi echo "$_dir" } @@ -75,10 +86,6 @@ } unpriv() { - do_as _sndio "$@" -} - -unpriv2() { do_as _file "$@" } @@ -97,8 +104,8 @@ # Otherwise, the fw_update after first boot will fix it up for us. HTTP_FWDIR=$FWDIR -set -- sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot -[[ $1 == -!(stable) ]] && HTTP_FWDIR=snapshots +VTYPE=$( sed -n "/^OpenBSD $VNAME\([^ ]*\).*$/s//\1/p" /var/run/dmesg.boot | sed '$!d' ) +[[ $VTYPE == -!(stable) ]] && HTTP_FWDIR=snapshots FWURL=http://firmware.openbsd.org/firmware/${HTTP_FWDIR} FWPUB_KEY=${DESTDIR}/etc/signify/openbsd-${VERSION}-fw.pub @@ -141,9 +148,9 @@ done # Create a download directory for the firmware and - # check that the _sndio user can read files from + # check that the _file user can read files from # it. Otherwise cleanup and skip the filesystem. - if _tmpsrc=$(tmpdir "$_tmpfs/firmware"); then + if _tmpsrc=$(tmpdir "$_tmpfs/firmware-XXXXXXXXX"); then ( >$_tmpsrc/t && $_unpriv cat $_tmpsrc/t @@ -164,8 +171,7 @@ echo "Cannot fetch SHA256.sig" >&2 && return 1 # Verify signature file with public keys. - ! $_unpriv -f "$_cfile" \ - signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && + ! signify -Vep $FWPUB_KEY -x "$_cfile.sig" -m "$_cfile" && echo "Signature check of SHA256.sig failed" >&2 && return 1 for _d in $_drivers; do @@ -190,8 +196,8 @@ # sha256. Create a flag file in case ftp failed. Firmware # from net is written to the prefetch area. ( $_unpriv ftp -D "$_t" -Vmo - "$_src/$_f" || >/tmp/fail ) | - ( $_srclocal && unpriv2 sha256 -b >/tmp/h || - unpriv2 -f /tmp/h sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) + ( $_srclocal && sha256 -b >/tmp/h || + sha256 -bph /tmp/h >"$_tmpsrc/$_f" ) # Handle failed transfer. if [[ -f /tmp/fail ]]; then